---
layout: docs
page_title: 'nomad acl auth-method update command reference'
description: |
  The `nomad acl auth-method update` command updates an existing access control list (ACL) authentication method.  Modify name, name format, description, OIDC or JWT type, local or global, and time to live (TTL).
---

# `nomad acl auth-method update` command reference

The `acl auth-method update` command is used to update existing ACL Auth
Methods.

## Usage

```plaintext
nomad acl auth-method update [options] <auth-method_name>
```

The `acl auth-method update` command requires an existing method's name.

## Options

- `-name`: Sets the human-readable name for the ACL Role. It is required and
  can contain alphanumeric characters and dashes. This name must be unique and
  must not exceed 128 characters.

- `-description`: A free form text description of the role that must not exceed
  256 characters.

- `-policy`: Specifies a policy to associate with the role identified by their
  name. This flag can be specified multiple times and must be specified at
  least once.

- `-no-merge`: Do not merge the current role information with what is provided
  to the command. Instead, overwrite all fields with the exception of the role
  ID which is immutable.

- `-type`: Updates the type of the auth method. Supported types are `OIDC` and
  `JWT`.

- `-max-token-ttl`: Updates the duration of time all tokens created by this auth
  method should be valid for.

- `-token-locality`: Updates the kind of token that this auth method should
  produce. This can be either `local` or `global`.

- `token-name-format`: Sets the token format for the authenticated users.
  This can be lightly templated using HIL '${foo}' syntax. Defaults to
  '${auth_method_type}-${auth_method_name}'.

- `-default`: Specifies whether this auth method should be treated as a default
  one in case no auth method is explicitly specified for a login command.

- `-config`: Auth method [configuration][] in JSON format. You may provide '-'
  to send the config through stdin, or prefix a file path with '@' to indicate
  that the config should be loaded from the file.

- `-json`: Output the ACL auth method in a JSON format.

- `-t`: Format and display the ACL auth method using a Go template.

## Examples

Update an existing ACL auth method:

```shell-session
$ nomad acl auth-method update -token-locality "global" -token-name-format '${auth_method_name}-${value.user}' -config @config.json example-acl-auth-method
Name                = example-acl-auth-method
Type                = OIDC
Locality            = global
Max Token TTL       = 1h0m0s
Token Name Format   = ${auth_method_name}-${value.user}
Default             = false
Create Index        = 14
Modify Index        = 33

Auth Method Config

OIDC Discovery URL     = https://my-corp-app-name.auth0.com/
OIDC Client ID         = V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt
OIDC Client Secret     = example-client-secret
Bound audiences        = V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt
Allowed redirects URIs = http://localhost:4646/oidc/callback
Discovery CA pem       = <none>
Signing algorithms     = <none>
Claim mappings         = {http://example.com/first_name: first_name}; {http://example.com/last_name: last_name}
List claim mappings    = {http://nomad.com/groups: groups}
```

## General options

@include 'general_options_no_namespace.mdx'

[configuration]: /nomad/api-docs/acl/auth-methods#config
